Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Unraid lack of security monitoring support (auditd)

Featured Replies

Right now there is no clean way to monitor the security on Unraid OS, I think is something critical since many people is publishing dockers to internet.

 

It's not compatible with auditd or wazuh or elastic agents or similar solutions.

 

Right now even easy projects like crowdsec are compatible with auditd so people can easily implement some monitoring or going more advance with wazuh or other tools make use of the sigma rules, wazuh, security onion, Qradar Community edition, etc.

 

So the request at least is to have auditd official support which is the standard way to monitor linux OS, wazuh support would be awesome as well.

 

https://slackbuilds.org/repository/15.0/system/audit/

 

  • 4 months later...

I managed to enable the Linux Audit Framework for unRAID but unfortunately it requires rebuilding the kernel. It's a simple flag in the .config file when building and I don't think there is really any downside or performance hit to having it available since the package would still need to be installed to use it. I think it would be beneficial to enable this for unRAID as it open the door for a more community development. I'm working on one right now that would benefit greatly from being able to track file system changes.

Edited by bobbintb

  • 4 months later...
On 11/2/2023 at 11:01 AM, bobbintb said:

I managed to enable the Linux Audit Framework for unRAID but unfortunately it requires rebuilding the kernel.

@bobbintb, did you happen to use any particular guide to accomplish this? Or have one in mind that you recommend? I'm also in need of auditd support, and though I have many years of Linux experience, I have yet to build a custom kernel. Thanks for any advice!

  • Author
9 hours ago, bland328 said:

@bobbintb, did you happen to use any particular guide to accomplish this? Or have one in mind that you recommend? I'm also in need of auditd support, and though I have many years of Linux experience, I have yet to build a custom kernel. Thanks for any advice!

Someone told me that they might add auditd in 6.13. So I am waiting for it

The necessary options in the Kernel should be included in 6.13.x so that community developers can build a plugin around it.

  • Author
2 minutes ago, ich777 said:

The necessary options in the Kernel should be included in 6.13.x so that community developers can build a plugin around it.

Why it would need a plugin? To configure it via webui?

16 minutes ago, L0rdRaiden said:

Why it would need a plugin? To configure it via webui?

Because you would also need some application to interact with it, so to speak audit itself and also to make the settings that you configure persistent across reboots.

  • 2 weeks later...
On 3/3/2024 at 4:18 PM, bland328 said:

@bobbintb, did you happen to use any particular guide to accomplish this? Or have one in mind that you recommend? I'm also in need of auditd support, and though I have many years of Linux experience, I have yet to build a custom kernel. Thanks for any advice!

I did use a guide, or a least part of one. It will be included in version 6.13, as mentioned. I do have a compiled version on github:
https://github.com/bobbintb/unRAID-audit
But fair warning, I haven't looked at it in a while so I am not sure how out of date it is.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.